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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even If timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I )^ Responsive to communication(s) filed on 01 November 2005 . 
2a)n This action is FINAL. 2b)^ This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-12, 14-20,22'24,37-54,57-67 and 73-79 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-12, 14-20,22-24.37-54,57-67 and 73-79 is/are rejected. 
?)□ Claim(s) is/are objected to, 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)n All b)n Some * c)\3 None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. Claims 1-12, 14-20, 22-24, 37-54, 57-67, 73-79 are pending. 



Response to Arguments 

2. Applicant has argued on page 24, Z'^ paragraph that "the claims do not merely recite a 
security policy, but recite a method for establishing a security policy" Applicant has emphasized 
this distinction over the claiming of a mere security policy and further argues: 

''However, even if a security policy is considered an abstract idea, the claims are directed to a 
practical application of establishing a security policy, not a security policy itself Thus, at least 
the independent claims, produce a 'useful, concrete and tangible " result " 

The Examiner disagrees. 

If a security policy were considered an abstract idea, then establishing the abstract idea would 
produce an intangible result. It would not produce a "useful, concrete, and tangible" result as the 
Applicant asserts. 

The Examiner has determined that a security policy, is in fact understood by those in the art to be 
an abstract idea, merely a step in a process of providing a tangible application. 
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The "Computer Security Reference Book", Jackson et al, 1992 has illustrated on page 199, 
Figure 20.1, that the Security poHcy is the first step in a long development path towards 
providing a working system, and that in between the steps of providing a working system, lie the 
steps of designing a security model, determining security requirements, developing a formal and 
functional specification, and performing intermediate stage development. 

The Examiner contends that Applicant step of establishing a security policy is but one 
developmental step, and furthermore, typically the First developmental step, in building a 
working system. 

"Computer Security Reference Book", Jackson et al, 1992, Page 200, paragraph 1 states: 
"The starting point for both paths is a generic security policy. This is a natural language 
description of the security principles and practices of the organization in which the system is 
going to be used" 

Paragraph 3 states: 

"In the informal development, the next step after the creation or adoption of a security policy is 
the statement of security requirements." 

Paragraph 4 states: 

"Next will come the function specification,.." 
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Paragraph 6 states: 

"Once validation of the specification against the requirements has taken place, the functional 
specification becomes the definitive description of the system to be implemented." 

From this, the Examiner contends that Applicant's claims which recite the establishing of a 
security policy, are not claiming a tangible system, but rather one that has even yet to be 
implemented. 

Furthermore, page 201, paragraph 3, recites that the next step of the development process, that is, 
the step after the establishing of a security policy is a security model. Paragraph 3 of page 201 
recites: 

"An alternative way of describing the security model is to say that it is a formal model of part of 
the security policy" 

paragraph 7 of page 201 states simply: 
"The security model will be quite abstract." 

"It may be a generic statement of the security policy that is yet to be implemented." 
Still furthermore, page 202. section 20.3.2 recites that: 
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"A security model need not be a formalized mathematical model. Most are not. In the worst 
case, a model is a conceptual model in someone's head!" 

"The user will have his idea of what the security rules are, and the developer will have his own 
ideas, and they are unlikely to be the same." 

Still furthermore, page 202, section 20.3.2 paragraph 6 states: 

"Security models are abstract, defining security properties and rules without any consideration 
of the functioning of a machine or system on which they are to be implemented." 

The Examiner will reiterate that the security model is the second step of the formal development 
path(Figure 20.1, page 199), and considered the "formal part of the security policy" page 201, 
paragraph 3. 

In light of this evidence, it is the Examiner's position that a security policy, and even the 
establishment of the security policy is an abstract idea and is thereby directed to non-statutory 
subject matter. 



Further arguments are presented in the rejection under 35 USC § 101 below. 
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Claim Rejections - 55 USC §101 
3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 



4. Claims 1-12, 14-20, 22-24, 37-54, 57-67, 73-79 are rejected under 35 U.S.C. 101 because 
the claimed invention is directed to non-statutory subject matter. 

MPEP2105 states 

"The laws of nature, physical phenomena and abstract ideas" are not patentable subject matter. 

The Examiner contends that Applicant's invention is an abstract idea. A security policy in itself, 
even if established (see below) is neither a process, machine, manufacture, nor composition of 
matter but is a conmion idea or concept shared among members of an organization. 

The Examiner further holds Claims 1-12, 14-20, 22-24, 37-54, 57-67, 73-79 to be non-statutory 
because it neither produces a concrete, useful, nor tangible result, (all three requirements are 
necessary) 
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"For such subject matter to be statutory, the claimed process must be limited to a practical 
application of the abstract idea or mathematical algorithm in the technological arts. See 
Alappat, 33 F.3d at J 543, 31 USPQ2d at 1556-57 (quoting Diamond v. Diehr, 450 U.S. at 192, 
209 USPQ at 10), See also Alappat 33 F.3d at 1569, 31 USPQ2d at 1578-79 (Newman, J., 
concurring) ^unpatentability of the principle does not defeat patentability of its practical 
applications') (citing O 'Reilly v. Morse, 56 U.S. (15 How.) at 114-19). A claim is limited to a 
practical application when the method, as claimed, produces a concrete, tangible and useful 
result; i.e., the method recites a step or act of producing something that is concrete, tangible and 
useful. See AT&T, 1 72 F.3d at 1358, 50 USPQ2d at 1452. " MPEP 2106 B(2)b(ii) 

''The claimed invention as a whole must produce a ''useful, concrete and tangible" result to have 
a practical application. " MPEP 2601 Section II A 

"A process that consists solely of the manipulation of an abstract idea is not concrete or 

tangible. See In re Warmerdam, 33 F3d 1354, 1360, 31 USPQ2d 1754, 1759 (Fed 

Cir. 1994). See also Schrader, 22 F.3d at 295, 30 USPQ2d at 1459. MPEP 2601 Section II A 

''A process that merely manipulates an abstract idea or performs a purely mathematical 
algorithm is nonstatutory despite the fact that it might inherently have some usefulness. In 
Sarkar, 588 F2d at 1335, 200 USPQ at 139'' MPEP 2106 B(2)b(ii) 
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Claims 1-12, 14-20, 22-24, 37-54, 57-67, 73-79 are further rejected under 35 U.S.C. 101 because 
the disclosed lacks utility. 

In particular, while claims 59-67 recite a physical apparatus, the function of the physical 
apparatus is to establish a security policy, which in light of "Computer Security Reference 
Book'', Jackson et al, 1992 is but an abstract concept and a step, namely the first step, in 
producing a working system. Page 199, figure 20.1 As "Computer Security Reference Book" 
has stated(page 202, section 20.3.2), in the worst case, a security model, the formalized version 
of a security poHcy(page 201, paragraph 3 & page 199, Figure 20.1) exists only in someone's 
head. Therefore, even a physical apparatus that produces a security policy, though tangible, does 
not satisfy the 35 USC 101 requirement for utihty. As evidenced by "Computer Security 
Reference Book", Jackson et al, 1992, it is the common understanding in the art that a security 
policy is an abstract construction, only the first step in producing a working system, and requires 
substantial formal and informal validation and verification before a working system can be 
derived from it. 

For this reason it is the Examiner's position that the results produced by the Claims 59-67, in 
view of the understanding of those skilled in the art, lack utility. 



Claim Rejections - 35 USC § 112 
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5. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

6. Claims 1-12, 14-20, 22-24, 37-54, 57-67, 73-79 rejected under 35 U.S.C. 112, first 
paragraph. 

Since the claimed invention is not supported by either an asserted utility consistent with the art or 
a well established utility for the reasons set forth above, one skilled in the art clearly would not 
know how to use the claimed invention. 

Additionally, details or methods of analysis critical or essential to the practice of the invention, 
but not included in the claim(s) is not enabled by the disclosure. See In re Mayhew, 527 
F.2d 1229, 188 USPQ 356 (CCPA 1976). Applicant's claims are a method of establishing a 
security policy. However the steps disclosed are deficient in that one of ordinary skill in the art 
would not be able to establish the security policy based on this disclosure. The Applicant has 
recited steps that depend on skill and responses of individuals within an organization and has a 
strong dependant basis on the merit of the individuals who provide the response. No technical 
guidance is presented in the claim as to how to create such a security policy. 
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While the AppUcant has amended the draft preparation step to further include details of how the 
draft is prepared, the disclosure still remains deficient because it fails to disclose the technical 
considerations that are crucial to development of the security policy. 



Application/Control Number: Q^0^f0» yd 2 Page 4^ 

Art Unit: 2134 



7. 



Conclusion 

Any inquiry concerning this communication from the examiner should be directed to 



Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessfril, the examiner's supervisor, 
Gregory A. Morse can be reached on (571)272-3838. 

The Examiner may also be reached through email through Thomas.Ho6@uspto.gov 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 Fax: 703-872-9306 
Customer Service Representative Telephone: 571-272-2100 Fax: 703-872-9306 



TMH 




February 6^', 2006 



SUPERVISORY PATENT EXAMINER 



